admin

0 Comments
A new phishing kit dubbed Tycoon 2FA has raised significant concerns in the cybersecurity community.  Discovered by the Sekoia Threat Detection & Research (TDR) team in October 2023 and discussed in an advisory published today, the kit is associated with the Adversary-in-The-Middle (AiTM) technique and allegedly utilized by multiple threat actors to orchestrate widespread and
0 Comments
Last year ESET published a blogpost about AceCryptor – one of the most popular and prevalent cryptors-as-a-service (CaaS) operating since 2016. For H1 2023 we published statistics from our telemetry, according to which trends from previous periods continued without drastic changes. However, in H2 2023 we registered a significant change in how AceCryptor is used.
0 Comments
Mar 25, 2024NewsroomSupply Chain Attack / Cryptocurrency Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. “The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with
0 Comments
In a bipartisan effort, the US House of Representatives has approved legislation to curtail the sharing of Americans’ sensitive data with foreign entities.  The bill, known as the Protecting Americans’ Data from Foreign Adversaries Act (HR 7520), spearheaded by Congresswoman Cathy McMorris Rodgers (R-WA) and Frank Pallone (D-NJ), secured an overwhelming vote of 414-0. This legislative move
0 Comments
Mar 24, 2024NewsroomArtificial Intelligence / Cyber Espionage The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located
0 Comments
The US government has published new distributed denial-of-service (DDoS) attack guidance for public sector entities to help prevent disruption to critical services. The document is designed to serve as a comprehensive resource to address the specific needs and challenges faced by federal, state and local government agencies in defending against DDoS attacks. The advisory noted
0 Comments
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, which said
0 Comments
A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intelligence. In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine. The malware rendered KA-SAT modems inoperative in Ukraine and
0 Comments
Mar 21, 2024NewsroomThreat Intelligence / Malware The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. “The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a stark warning yesterday to leaders of critical infrastructure organizations regarding the imminent threat posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.” In collaboration with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and
0 Comments
Threat researchers have revealed a new cyber-attack using cloaked emails to deceive machine learning (ML) systems, enabling the infiltration of enterprise networks. An advisory published by SlashNext today called the tactic a “Conversation Overflow” attack, a method that circumvents advanced security measures to deliver phishing messages directly into victims’ inboxes. The malicious emails consist of two
0 Comments
Mar 19, 2024The Hacker NewsAPI Security / Vulnerability Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more,
0 Comments
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky. “The malware payloads used in the DEEP#GOSU represent a sophisticated, multi-stage threat designed
0 Comments
Video Healthcare organizations remain firmly in attackers’ crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023 15 Mar 2024 More than 20 percent of ransomware attacks that hit critical infrastructure organizations in the United States in 2023 were aimed at the healthcare sector, according to
0 Comments
Mar 15, 2024NewsroomData Privacy / Artificial Intelligence Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could
0 Comments
Protected health information and personal details of over a million Irish citizens were accidently exposed by the Ireland’s Health Service Executive (HSE) during the COVID pandemic, according to an AppOmni security researcher. This information included individuals’ vaccine status and type received, which could have been accessed by anyone who registered to the HSE COVID Vaccination
0 Comments
Mar 16, 2024NewsroomMalware / Cybercrime Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned
0 Comments
Something mysterious is happening at the US National Institute of Standards and Technology (NIST) that could make many organizations vulnerable to threat actors. Since February 12, 2024, NIST has almost completely stopped enriching software vulnerabilities listed in its National Vulnerability Database (NVD), the world’s most widely used software vulnerability database. Tom Pace, CEO of firmware
0 Comments
Video We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats Alžbeta Kovaľová 14 Mar 2024 The threat landscape is becoming ever more complex and perilous by the day. Adversaries, ranging from state-aligned advanced persistent threats (APTs) to opportunistic cybercriminals, are well-funded, adaptable and relentless, targeting various chinks
0 Comments
Mar 15, 2024NewsroomHardware Security / Data Protection A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. “All the common synchronization